From 49d0d7bcd79783b4dcd6bc1d8795762ed784dd15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Sun, 4 Aug 2024 18:26:40 +0200 Subject: [PATCH] standard: Stop using `php_combined_lcg()` in `uniqid()` (#15217) Fall back to the fallback generator if the CSPRNG fails instead. This removes the last internal user of `php_combined_lcg()`. --- ext/standard/uniqid.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c index ec7673a304f..c0b9555ccef 100644 --- a/ext/standard/uniqid.c +++ b/ext/standard/uniqid.c @@ -75,10 +75,9 @@ PHP_FUNCTION(uniqid) uint32_t bytes; double seed; if (php_random_bytes_silent(&bytes, sizeof(uint32_t)) == FAILURE) { - seed = php_combined_lcg() * 10; - } else { - seed = ((double) bytes / UINT32_MAX) * 10.0; + bytes = php_random_generate_fallback_seed(); } + seed = ((double) bytes / UINT32_MAX) * 10.0; uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, seed); } else { uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);